Microsoft released a fix for a vulnerability in the Windows operating system that enabled attackers to increase their permissions to kernel level on a compromised machine. The original bug was an arbitrary pointer dereference allowing an attacker to control the src and dest pointers to a memcpy function. Microsoft s patch in June did not fix the original vulnerability (CVE-2020-0986) and it can still be leveraged with some adjustments. Microsoft’s patch was improper because it changed the pointers to offsets, so the function’s parameters could still be controlled.
Source: https://www.bleepingcomputer.com/news/security/windows-zero-day-with-bad-patch-gets-new-public-exploit-code/